Post-quantum cryptography currently rests on a small number of hardness assumptions, posing significant risks should any one of them be compromised. This vulnerability motivates the search for new and cryptographically versatile assumptions that make a convincing case for quantum hardness. In this work, we argue that decoding random quantum stabilizer codes -- a quantum analog of the well-studied LPN problem -- is an excellent candidate. This task occupies a unique middle ground: it is inherently native to quantum computation, yet admits an equivalent formulation with purely classical input and output, as recently shown by Khesin et al. (STOC '26). We prove that the average-case hardness of quantum stabilizer decoding implies the core primitives of classical Cryptomania, including public-key encryption (PKE) and oblivious transfer (OT), as well as one-way functions. Our constructions are moreover practical: our PKE scheme achieves essentially the same efficiency as state-of-the-art LPN-based PKE, and our OT is round-optimal. We also provide substantial evidence that stabilizer decoding does not reduce to LPN, suggesting that the former problem constitutes a genuinely new post-quantum assumption. Our primary technical contributions are twofold. First, we give a reduction from random quantum stabilizer decoding to an average-case problem closely resembling LPN, but which is equipped with additional symplectic algebraic structure. While this structure is essential to the quantum nature of the problem, it raises significant barriers to cryptographic security reductions. Second, we develop a new suit of scrambling techniques for such structured linear spaces, and use them to produce rigorous security proofs for all of our constructions.

翻译：后量子密码学目前依赖于少数几个困难性假设，若其中任何一个被攻破，将带来重大风险。这一脆弱性促使我们寻找新的、密码学上通用的假设，并令人信服地证明其量子难度。在这项工作中，我们论证了解码随机量子稳定子码——这一问题是经过充分研究的LPN问题的量子类比——是一个极佳的候选。该任务占据了一个独特的中介位置：它天然适用于量子计算，同时正如Khesin等人（STOC '26）最近所示，它允许一个输入和输出均为经典值的等价表述。我们证明，量子稳定子解码的平均情况困难性蕴含了经典密码学（Cryptomania）的核心原语，包括公钥加密（PKE）和无意识传输（OT），以及单向函数。此外，我们的构造是实用的：我们的PKE方案实现了与最先进的基于LPN的PKE基本相同的效率，而我们的OT则是轮数最优的。我们还提供了实质性证据表明，稳定子解码无法归约到LPN，这意味着前者构成了一个真正全新的后量子假设。我们的主要技术贡献有两方面。首先，我们给出了从随机量子稳定子解码到一个与LPN高度相似但配备了额外辛代数结构的平均情况问题的归约。虽然这一结构对问题的量子本质至关重要，但它给密码学安全性归约带来了重大障碍。其次，我们针对此类结构化线性空间开发了一套新的加扰技术，并利用它们为我们所有的构造提供了严格的安全性证明。